1Corstone SSE-300 with Ethos-U55/U65 Example Subsystem for Arm Ecosystem FVP and for MPS3 (AN547, AN552)
2=======================================================================================================
3Introduction
4------------
5
6Corstone-300 is an Arm reference subsystem for secure System on Chips
7containing an Armv8.1-M Cortex-M55 processor and an Ethos-U55/U65 neural
8network processor. It is an MPS3 based platform with the usual MPS3
9peripherals.
10
11This platform port supports all TF-M regression tests (Secure and Non-secure)
12with Isolation Level 1 and 2.
13
14.. note::
15
16   For Ethos-U55/U65 IP this platform support only provides base address,
17   interrupt number and an example NPU setup as non-secure, unprivileged.
18
19.. note::
20
21   For Armclang compiler v6.18 or later version is required.
22
23Building TF-M
24-------------
25
26Follow the instructions in :doc:`Building instructions </building/tfm_build_instruction>`.
27^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
28
29Build instructions with platform name: arm/mps3/corstone300/an547
30^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
31``-DTFM_PLATFORM=arm/mps3/corstone300/an547``
32
33.. note::
34
35   For Ethos-U55/U65 IP this platform support only provides base address,
36   interrupt number and an example NPU setup as non-secure, unprivileged.
37
38Build instructions with platform name: arm/mps3/corstone300/an552
39^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
40``-DTFM_PLATFORM=arm/mps3/corstone300/an552``
41
42.. note::
43
44   For Ethos-U55/U65 IP this platform support only provides base address,
45   interrupt number and an example NPU setup as non-secure, unprivileged.
46
47Build instructions with platform name: arm/mps3/corstone300/fvp
48^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
49``-DTFM_PLATFORM=arm/mps3/corstone300/fvp``
50
51.. note::
52
53   For Ethos-U55/U65 IP this platform support only provides base address,
54   interrupt number and an example NPU setup as non-secure, unprivileged.
55
56.. note::
57
58   The built binaries can be run on the Corstone-300 Ethos-U55/U65 Ecosystem FVP
59   (FVP_SSE300_MPS3). At least Ecosystem FVP version 11.22 is required.
60
61.. note::
62
63   Provisioning bundles can be generated with the ``-DPLATFORM_DEFAULT_PROVISIONING=OFF``
64   flag. The provisioning bundle binary will be generated and it's going to contain the
65   provisioning code and provisioning values.
66
67.. note::
68
69   If ``-DPLATFORM_DEFAULT_PROVISIONING=OFF`` and ``-DTFM_DUMMY_PROVISIONING=ON`` then the keys in
70   the ``tf-m/platform/ext/target/arm/mps3/common/provisioning/provisioning_config.cmake`` and the
71   default MCUBoot signing keys will be used for provisioning.
72
73   If ``-DPLATFORM_DEFAULT_PROVISIONING=OFF`` and ``-DTFM_DUMMY_PROVISIONING=OFF`` are set
74   then unique values can be used for provisioning. The keys and seeds can be changed by
75   passing the new values to the build command, or by setting the ``-DPROVISIONING_KEYS_CONFIG`` flag
76   to a .cmake file that contains the keys. An example config cmake file can be seen at
77   ``tf-m/platform/ext/target/arm/mps3/common/provisioning/provisioning_config.cmake``.
78   Otherwise new random values are going to be generated and used. For the image signing
79   the ${MCUBOOT_KEY_S} and ${MCUBOOT_KEY_NS} will be used. These variables should point to
80   .pem files that contain the code signing private keys. The public keys are going to be generated
81   from these private keys and will be used for provisioning. The hash of the public key is going to
82   be written into the ``provisioning_data.c`` automatically.
83
84   If ``-DMCUBOOT_GENERATE_SIGNING_KEYPAIR=ON`` is set then a new mcuboot signing public and private
85   keypair is going to be generated and it's going to be used to sign the S and NS binaries.
86
87   The new generated keypair can be found in the ``<build dir>/bin`` folder or in the
88   ``<install directory>/image_signing/keys`` after installation.
89   The generated provisioning_data.c file can be found at
90   ``<build directory>/platform/target/provisioning/provisioning_data.c``
91
92.. note::
93
94   The provisioning bundle generation depends on pyelftools that's have to be installed::
95
96    pip3 install pyelftools
97
98To run the example code on Corstone SSE-300 with Ethos-U55/U65 Example Subsystem for MPS3 (AN547)
99-------------------------------------------------------------------------------------------------
100FPGA image is available to download `here <https://developer.arm.com/downloads/view/AN547?entitled=true&term=an547&sortBy=availableBy>`__
101
102If the link above is not working just go to `Arm PDH <https://developer.arm.com/downloads>`__ and search for AN547.
103
104To run BL2 bootloader, TF-M example application and tests in the MPS3 board,
105it is required to have AN547 image in the MPS3 board SD card. The image should
106be located in ``<MPS3 device name>/MB/HBI<BoardNumberBoardrevision>/AN547``
107
108The MPS3 board tested is HBI0309C.
109
110#. Copy ``bl2.bin`` and ``tfm_s_ns_signed.bin`` files from
111   build dir to ``<MPS3 device name>/SOFTWARE/``
112#. Rename ``tfm_s_ns_signed.bin`` to ``tfm.bin`` (Filename should not be longer
113   than 8 characters.)
114#. Open ``<MPS3 device name>/MB/HBI0309C/AN547/images.txt``
115#. Update the ``images.txt`` file as follows::
116
117    TITLE: Arm MPS3 FPGA prototyping board Images Configuration File
118
119    [IMAGES]
120    TOTALIMAGES: 2                     ;Number of Images (Max: 32)
121
122    IMAGE0UPDATE: AUTO                 ;Image Update:NONE/AUTO/FORCE
123    IMAGE0ADDRESS: 0x00000000          ;Please select the required executable program
124    IMAGE0FILE: \SOFTWARE\bl2.bin
125    IMAGE1UPDATE: FORCEQSPI
126    IMAGE1ADDRESS: 0x00000000
127    IMAGE1FILE: \SOFTWARE\tfm.bin
128
129#. Close ``<MPS3 device name>/MB/HBI0309C/AN547/images.txt``
130#. Unmount/eject the ``<MPS3 device name>`` unit
131#. Reset the board to execute the TF-M example application
132#. After completing the procedure you should be able to visualize on the serial
133   port (baud 115200 8n1) the following messages::
134
135    [INF] Starting bootloader
136    [INF] Beginning BL2 provisioning
137    [WRN] TFM_DUMMY_PROVISIONING is not suitable for production! This device is NOT SECURE
138    [INF] Image index: 1, Swap type: none
139    [INF] Image index: 0, Swap type: none
140    [INF] Bootloader chainload address offset: 0x0
141    [INF] Jumping to the first image slot
142    [INF] Beginning TF-M provisioning
143    [WRN] TFM_DUMMY_PROVISIONING is not suitable for production! This device is NOT SECURE
144    [WRN] This device was provisioned with dummy keys. This device is NOT SECURE
145    [Sec Thread] Secure image initializing!
146    TF-M isolation level is: 0x00000001
147    Booting TF-M v1.8.1
148
149.. note::
150
151   Some of the messages above are only visible when ``CMAKE_BUILD_TYPE`` is set
152   to ``Debug``.
153
154.. note::
155
156   If ``-DPLATFORM_DEFAULT_PROVISIONING=OFF`` is set then the provisioning bundle has to
157   be placed on the ``0x10022400`` address by copying ``provisioning_bundle.bin`` and
158   renaming it to ``prv.bin``, then extending the images.txt with::
159
160    IMAGE2UPDATE: AUTO
161    IMAGE2ADDRESS: 0x00022400
162    IMAGE2FILE: \SOFTWARE\prv.bin
163
164To run the example code on Corstone SSE-300 with Ethos-U55/U65 Example Subsystem for MPS3 (AN552)
165-------------------------------------------------------------------------------------------------
166FPGA image is available to download `here <https://developer.arm.com/downloads/view/AN552?sortBy=availableBy&revision=r4p0-00rel0-1>`__
167
168If the link above is not working just go to `Arm PDH <https://developer.arm.com/downloads>`__ and search for AN552.
169
170To run BL2 bootloader and TF-M example application and tests in the MPS3 board,
171it is required to have AN552 image in the MPS3 board SD card. The image should
172be located in ``<MPS3 device name>/MB/HBI<BoardNumberBoardrevision>/AN552``
173
174The MPS3 board tested is HBI0309C.
175
176#. Copy ``bl2.bin`` and ``tfm_s_ns_signed.bin`` files from
177   build dir to ``<MPS3 device name>/SOFTWARE/``
178#. Rename ``tfm_s_ns_signed.bin`` to ``tfm.bin`` (Filename should not be longer
179   than 8 characters.)
180#. Open ``<MPS3 device name>/MB/HBI0309C/AN552/images.txt``
181#. Update the ``images.txt`` file as follows::
182
183    TITLE: Arm MPS3 FPGA prototyping board Images Configuration File
184
185    [IMAGES]
186    TOTALIMAGES: 2                     ;Number of Images (Max: 32)
187
188    IMAGE0UPDATE: AUTO                 ;Image Update:NONE/AUTO/FORCE
189    IMAGE0ADDRESS: 0x00000000          ;Please select the required executable program
190    IMAGE0FILE: \SOFTWARE\bl2.bin
191    IMAGE1UPDATE: FORCEQSPI
192    IMAGE1ADDRESS: 0x00000000
193    IMAGE1FILE: \SOFTWARE\tfm.bin
194
195#. Close ``<MPS3 device name>/MB/HBI0309C/AN552/images.txt``
196#. Unmount/eject the ``<MPS3 device name>`` unit
197#. Reset the board to execute the TF-M example application
198#. After completing the procedure you should be able to visualize on the serial
199   port (baud 115200 8n1) the following messages::
200
201    [INF] Starting bootloader
202    [INF] Beginning BL2 provisioning
203    [WRN] TFM_DUMMY_PROVISIONING is not suitable for production! This device is NOT SECURE
204    [INF] Image index: 1, Swap type: none
205    [INF] Image index: 0, Swap type: none
206    [INF] Bootloader chainload address offset: 0x0
207    [INF] Jumping to the first image slot
208    [INF] Beginning TF-M provisioning
209    [WRN] TFM_DUMMY_PROVISIONING is not suitable for production! This device is NOT SECURE
210    [WRN] This device was provisioned with dummy keys. This device is NOT SECURE
211    [Sec Thread] Secure image initializing!
212    TF-M isolation level is: 0x00000001
213    Booting TF-M v1.8.1
214
215.. note::
216
217   Some of the messages above are only visible when ``CMAKE_BUILD_TYPE`` is set
218   to ``Debug``.
219
220.. note::
221
222   If ``-DPLATFORM_DEFAULT_PROVISIONING=OFF`` is set then the provisioning bundle has to
223   be placed on the ``0x10022400`` address by copying ``provisioning_bundle.bin`` and
224   renaming it to ``prv.bin``, then extending the images.txt with::
225
226    IMAGE2UPDATE: AUTO
227    IMAGE2ADDRESS: 0x00022400
228    IMAGE2FILE: \SOFTWARE\prv.bin
229
230To run the example code on Corstone-300 Ethos-U55/U65 Ecosystem FVP
231-------------------------------------------------------------------
232FVP is available to download `here <https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps>`__
233
234#. Install the FVP
235#. Copy ``bl2.axf`` and ``tfm_s_ns_signed.bin`` files from
236   build dir to ``<FVP installation path>/models/Linux64_GCC-9.3/``
237#. Navigate to the same directory and execute the following command to start FVP::
238
239    $ ./FVP_Corstone_SSE-300_Ethos-U55 -a cpu0*="bl2.axf" --data "tfm_s_ns_signed.bin"@0x38000000
240
241#. After completing the procedure you should be able to see similar messages
242   to this on the serial port (baud 115200 8n1)::
243
244    Trying 127.0.0.1...
245    Connected to localhost.
246    Escape character is '^]'.
247    [INF] Starting bootloader
248    [INF] Beginning BL2 provisioning
249    [WRN] TFM_DUMMY_PROVISIONING is not suitable for production! This device is NOT SECURE
250    [INF] Image index: 1, Swap type: none
251    [INF] Image index: 0, Swap type: none
252    [INF] Bootloader chainload address offset: 0x0
253    [INF] Jumping to the first image slot
254    [INF] Beginning TF-M provisioning
255    [WRN] TFM_DUMMY_PROVISIONING is not suitable for production! This device is NOT SECURE
256    [WRN] This device was provisioned with dummy keys. This device is NOT SECURE
257    [Sec Thread] Secure image initializing!
258    TF-M isolation level is: 0x00000001
259    Booting TF-M v1.8.1
260
261.. note::
262
263   Some of the messages above are only visible when ``CMAKE_BUILD_TYPE`` is set
264   to ``Debug``.
265
266.. note::
267
268   If ``-DPLATFORM_DEFAULT_PROVISIONING=OFF`` is set then the provisioning bundle has to
269   be placed on the ``0x10022000`` address with::
270
271   $ ./FVP_Corstone_SSE-300_Ethos-U55 -a cpu0*="<path-to-build-directory>/bl2.axf" --data "<path-to-build-directory>/tfm_s_ns_signed.bin"@0x38000000 --data "<path-to-build-directory>/provisioning_bundle.bin"@0x10022000
272
273
274-------------
275
276*Copyright (c) 2020-2024, Arm Limited. All rights reserved.*
277